
2498 matches found

ATTACKERKB | added 2026/03/31 5:1 p.m. | 0 views

CVE-2026-32725

SciTokens C++ is a minimal library for creating and using SciTokens from C or C++. Prior to version 1.4.1, scitokens-cpp is vulnerable to an authorization bypass when processing path-based scopes in tokens. The library normalizes the scope path from the token before authorization and collapses "....

CVSS 8.3 | AI score 5.8 | EPSS 0.00834
Exploits: 1 | References: 3 | Affected Software: 1
EUVD | added 2026/03/31 5:1 p.m. | 4 views

EUVD-2026-17561

SciTokens C++ is a minimal library for creating and using SciTokens from C or C++. Prior to version 1.4.1, scitokens-cpp is vulnerable to an authorization bypass when processing path-based scopes in tokens. The library normalizes the scope path from the token before authorization and collapses "....

CVSS 8.3 | AI score 5.8 | EPSS 0.00834
Exploits: 1 | References: 2
CVE | added 2026/03/31 5:1 p.m. | 14 views

CVE-2026-32725

Summary: SciTokens C++ (scitokens-cpp) before 1.4.1 is vulnerable to an authorization bypass due to path-based scope handling. The library normalizes the token’s scope path and collapses ".." components instead of rejecting them, allowing potential parent-directory traversal to broaden authorizat...

CVSS 8.3 | AI score 5.8 | EPSS 0.00834
Exploits: 1 | References: 2 | Affected Software: 1
OSV | added 2026/03/31 5:1 p.m. | 2 views

CVE-2026-32725 SciTokens C++: Relative Path Traversal Vulnerability

SciTokens C++ is a minimal library for creating and using SciTokens from C or C++. Prior to version 1.4.1, scitokens-cpp is vulnerable to an authorization bypass when processing path-based scopes in tokens. The library normalizes the scope path from the token before authorization and collapses "....

CVSS 8.3 | AI score 5.8 | EPSS 0.00834
Exploits: 1 | References: 4
Debian CVE | added 2026/03/31 5:1 p.m. | 3 views

CVE-2026-32725

SciTokens C++ is a minimal library for creating and using SciTokens from C or C++. Prior to version 1.4.1, scitokens-cpp is vulnerable to an authorization bypass when processing path-based scopes in tokens. The library normalizes the scope path from the token before authorization and collapses "....

CVSS 8.3 | AI score 5.3 | EPSS 0.00834
Exploits: 1
ATTACKERKB | added 2026/03/31 5:1 p.m. | 1 view

CVE-2026-32726

SciTokens C++ is a minimal library for creating and using SciTokens from C or C++. Prior to version 1.4.1, scitokens-cpp is vulnerable to an authorization bypass in path-based scope validation. The enforcer used a simple string-prefix comparison when checking whether a requested resource path was...

CVSS 8.1 | AI score 5.8 | EPSS 0.00272
Exploits: 1 | References: 3 | Affected Software: 1
EUVD | added 2026/03/31 5:1 p.m. | 1 view

EUVD-2026-17563

SciTokens C++ is a minimal library for creating and using SciTokens from C or C++. Prior to version 1.4.1, scitokens-cpp is vulnerable to an authorization bypass in path-based scope validation. The enforcer used a simple string-prefix comparison when checking whether a requested resource path was...

CVSS 8.1 | AI score 5.8 | EPSS 0.00272
Exploits: 1 | References: 2
Vulnrichment | added 2026/03/31 5:1 p.m. | 0 views

CVE-2026-32726 SciTokens C++: Sibling-Path Authorization Bypass

SciTokens C++ is a minimal library for creating and using SciTokens from C or C++. Prior to version 1.4.1, scitokens-cpp is vulnerable to an authorization bypass in path-based scope validation. The enforcer used a simple string-prefix comparison when checking whether a requested resource path was...

CVSS 8.1 | AI score 5.8 | EPSS 0.00272
Exploits: 1 | References: 2
Cvelist | added 2026/03/31 5:1 p.m. | 25 views

CVE-2026-32726 SciTokens C++: Sibling-Path Authorization Bypass

SciTokens C++ is a minimal library for creating and using SciTokens from C or C++. Prior to version 1.4.1, scitokens-cpp is vulnerable to an authorization bypass in path-based scope validation. The enforcer used a simple string-prefix comparison when checking whether a requested resource path was...

CVSS 8.1 | EPSS 0.00272
Exploits: 1 | References: 2
OSV | added 2026/03/31 5:1 p.m. | 1 view

CVE-2026-32726 SciTokens C++: Sibling-Path Authorization Bypass

SciTokens C++ is a minimal library for creating and using SciTokens from C or C++. Prior to version 1.4.1, scitokens-cpp is vulnerable to an authorization bypass in path-based scope validation. The enforcer used a simple string-prefix comparison when checking whether a requested resource path was...

CVSS 8.1 | AI score 5.8 | EPSS 0.00272
Exploits: 1 | References: 4
Debian CVE | added 2026/03/31 5:1 p.m. | 1 view

CVE-2026-32726

SciTokens C++ is a minimal library for creating and using SciTokens from C or C++. Prior to version 1.4.1, scitokens-cpp is vulnerable to an authorization bypass in path-based scope validation. The enforcer used a simple string-prefix comparison when checking whether a requested resource path was...

CVSS 8.1 | AI score 5.3 | EPSS 0.00272
Exploits: 1
CVE | added 2026/03/31 5:1 p.m. | 12 views

CVE-2026-32726

SciTokens C++ prior to 1.4.1 contains an authorization bypass in path-based scope validation. The enforcer used a string-prefix check without requiring a path boundary, allowing a token scoped to one path to authorize sibling paths sharing a prefix. This vulnerability has a CVSS v3.1 base score o...

CVSS 8.1 | AI score 5.8 | EPSS 0.00272
Exploits: 1 | References: 2 | Affected Software: 1
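The two scitokens-cpp weaknesses listed above, CVE-2026-32725 (".." in a scope path collapsed instead of rejected) and CVE-2026-32726 (a bare string-prefix match with no path boundary), side by side with hardened variants, as an added example written for this listing; it is not scitokens-cpp's own code, and every function name, the `read:/path` scope syntax used here, and the sample scope and resource strings are assumptions.

```cpp
// Added example, not scitokens-cpp's code. Names and the "op:/path" scope format are hypothetical.
#include <cstdio>
#include <optional>
#include <string>
#include <vector>

// Split an absolute path into components, dropping empty ones ("/a//b/" -> {"a","b"}).
static std::vector<std::string> split_path(const std::string& path) {
    std::vector<std::string> parts;
    std::string cur;
    for (char c : path) {
        if (c == '/') {
            if (!cur.empty()) parts.push_back(cur);
            cur.clear();
        } else {
            cur += c;
        }
    }
    if (!cur.empty()) parts.push_back(cur);
    return parts;
}

static std::string join_path(const std::vector<std::string>& parts) {
    std::string out;
    for (const auto& p : parts) out += "/" + p;
    return out.empty() ? "/" : out;
}

// Vulnerable pattern (CVE-2026-32725): ".." pops the previous component, so a token scope
// of "read:/data/user1/.." quietly becomes "read:/data", one level broader than issued.
std::string normalize_collapsing(const std::string& path) {
    std::vector<std::string> out;
    for (const auto& p : split_path(path)) {
        if (p == ".") continue;
        if (p == "..") { if (!out.empty()) out.pop_back(); continue; }
        out.push_back(p);
    }
    return join_path(out);
}

// Hardened: the path must be absolute and must not contain "." or ".." at all.
// Anything else is rejected (nullopt) rather than repaired.
std::optional<std::string> normalize_strict(const std::string& path) {
    if (path.empty() || path[0] != '/') return std::nullopt;
    std::vector<std::string> out;
    for (const auto& p : split_path(path)) {
        if (p == "." || p == "..") return std::nullopt;
        out.push_back(p);
    }
    return join_path(out);
}

// Vulnerable pattern (CVE-2026-32726): raw string prefix, so "/data/user1" matches "/data/user10".
bool prefix_check_naive(const std::string& scope_path, const std::string& resource) {
    return resource.compare(0, scope_path.size(), scope_path) == 0;
}

// Hardened: the resource must equal the scope path or continue it at a '/' boundary.
bool prefix_check_bounded(const std::string& scope_path, const std::string& resource) {
    if (scope_path == "/") return !resource.empty() && resource[0] == '/';
    if (resource == scope_path) return true;
    return resource.size() > scope_path.size()
        && resource.compare(0, scope_path.size(), scope_path) == 0
        && resource[scope_path.size()] == '/';
}

// End-to-end: does a token scope such as "read:/data/user1" authorize `op` on `resource`?
// `hardened` selects the fixed code paths; the vulnerable ones are kept for contrast.
bool authorize(const std::string& scope, const std::string& op,
               const std::string& resource, bool hardened) {
    auto colon = scope.find(':');
    if (colon == std::string::npos) return false;   // path-less scopes are not modelled here
    if (scope.substr(0, colon) != op) return false;
    std::string scope_path = scope.substr(colon + 1);

    if (!hardened) {
        return prefix_check_naive(normalize_collapsing(scope_path),
                                  normalize_collapsing(resource));
    }
    auto sp = normalize_strict(scope_path);
    auto rp = normalize_strict(resource);
    if (!sp || !rp) return false;                   // reject traversal in either input
    return prefix_check_bounded(*sp, *rp);
}

int main() {
    // Constructed inputs: a scope meant for user1 and a request for user2's / user10's data.
    std::printf("collapsing  : %d\n", authorize("read:/data/user1/..", "read", "/data/user2/secret", false));
    std::printf("strict      : %d\n", authorize("read:/data/user1/..", "read", "/data/user2/secret", true));
    std::printf("naive prefix: %d\n", authorize("read:/data/user1", "read", "/data/user10/x", false));
    std::printf("bounded     : %d\n", authorize("read:/data/user1", "read", "/data/user10/x", true));
    return 0;
}
```

The hardened path applies the same strict normalization to the requested resource as to the scope, since a ".." that survives into the resource string defeats a correct scope just as well; and the boundary check treats "/" as the only scope that matches everything, which is the usual intent of a root scope.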
Snyk | added 2026/03/31 4:54 p.m. | 2 views

Incorrect Authorization

Overview: @openclaw/nextcloud-talk is an OpenClaw Nextcloud Talk channel plugin. Affected versions of this package are vulnerable to Incorrect Authorization due to missing validation of caller scopes in the pair approve process. An attacker can gain unauthorized administrative access by approving...

CVSS 9.9 | AI score 5.9 | EPSS 0.00624
Exploits: 0 | References: 2
EUVD | added 2026/03/31 3:31 p.m. | 3 views

EUVD-2026-17437

OpenClaw before 2026.3.28 contains a privilege escalation vulnerability in the /pair approve command path that fails to forward caller scopes into the core approval check. A caller with pairing privileges but without admin privileges can approve pending device requests asking for broader scopes...

CVSS 8.6 | AI score 5.9 | EPSS 0.00624
Exploits: 0 | References: 4
OSV | added 2026/03/31 3:31 p.m. | 1 view

GHSA-F275-5H5C-5WG5 Duplicate Advisory: OpenClaw: /pair approve command path omitted caller scope subsetting and reopened device pairing escalation

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-hc5h-pmr3-3497. This link is maintained to preserve external references. Original Description: OpenClaw before 2026.3.28 contains a privilege escalation vulnerability in the /pair approve command path that fails ...

CVSS 9.8 | AI score 5.8 | EPSS 0.00624
Exploits: 0 | References: 4
NVD | added 2026/03/31 3:16 p.m. | 3 views

CVE-2026-33577

OpenClaw before 2026.3.28 contains an insufficient scope validation vulnerability in the node pairing approval path that allows low-privilege operators to approve nodes with broader scopes. Attackers can exploit missing callerScopes validation in node-pairing.ts to extend privileges onto paired...

CVSS 8.6 | EPSS 0.00379
Exploits: 0 | References: 3
NVD | added 2026/03/31 3:16 p.m. | 3 views

CVE-2026-33579

OpenClaw before 2026.3.28 contains a privilege escalation vulnerability in the /pair approve command path that fails to forward caller scopes into the core approval check. A caller with pairing privileges but without admin privileges can approve pending device requests asking for broader scopes...

CVSS 9.9 | EPSS 0.00624
Exploits: 0 | References: 3
Cvelist | added 2026/03/31 2:10 p.m. | 25 views

CVE-2026-33579 OpenClaw < 2026.3.28 - Privilege Escalation via Missing Caller Scope Validation in Device Pair Approval

OpenClaw before 2026.3.28 contains a privilege escalation vulnerability in the /pair approve command path that fails to forward caller scopes into the core approval check. A caller with pairing privileges but without admin privileges can approve pending device requests asking for broader scopes...

CVSS 9.9 | EPSS 0.00624
Exploits: 0 | References: 3
Vulnrichment | added 2026/03/31 2:10 p.m. | 1 view

CVE-2026-33579 OpenClaw < 2026.3.28 - Privilege Escalation via Missing Caller Scope Validation in Device Pair Approval

OpenClaw before 2026.3.28 contains a privilege escalation vulnerability in the /pair approve command path that fails to forward caller scopes into the core approval check. A caller with pairing privileges but without admin privileges can approve pending device requests asking for broader scopes...

CVSS 9.9 | AI score 5.9 | EPSS 0.00624
Exploits: 0 | References: 3
CVE | added 2026/03/31 2:10 p.m. | 10 views

CVE-2026-33579

Technical details, affected products, and remediation are not provided in the supplied documents. Monitor for updates.

CVSS 9.9 | AI score 5.9 | EPSS 0.00624
Exploits: 0 | References: 3 | Affected Software: 1
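The OpenClaw pairing-approval bug in the entries above (CVE-2026-33579 and CVE-2026-33577: the /pair approve command path never forwards the caller's scopes into the core approval check, so a non-admin approver can grant a device broader scopes than it holds itself), modelled as an added example written for this listing. It is not OpenClaw's code; the struct and function names, the scope strings and the sample callers and requests are all assumptions.

```cpp
// Added example, not OpenClaw's code. All names and sample data below are hypothetical.
#include <algorithm>
#include <cstdio>
#include <set>
#include <string>

struct PairingRequest {
    std::string device_id;
    std::set<std::string> requested_scopes;   // scopes the pending device asks for
};

struct Caller {
    std::string id;
    bool can_pair;                 // may run the approve command at all
    bool is_admin;                 // admins may grant any scope
    std::set<std::string> scopes;  // scopes the caller itself holds
};

// Core approval check. `caller_scopes == nullptr` means "no restriction": the caller is
// trusted to grant anything. The vulnerable command path leaned on exactly that by never
// passing the caller's scopes along, so the subset check below never ran for it.
bool core_approve(const PairingRequest& req, const std::set<std::string>* caller_scopes) {
    if (caller_scopes == nullptr) return true;
    // Caller scope subsetting: every requested scope must already be held by the approver.
    return std::includes(caller_scopes->begin(), caller_scopes->end(),
                         req.requested_scopes.begin(), req.requested_scopes.end());
}

// Vulnerable command path: checks the pairing privilege, then drops the caller's scopes.
bool pair_approve_vulnerable(const Caller& c, const PairingRequest& req) {
    if (!c.can_pair) return false;
    return core_approve(req, nullptr);
}

// Fixed command path: non-admin approvers can only grant scopes they hold themselves.
bool pair_approve_fixed(const Caller& c, const PairingRequest& req) {
    if (!c.can_pair) return false;
    return core_approve(req, c.is_admin ? nullptr : &c.scopes);
}

// Constructed sample data for the demonstration.
inline Caller sample_operator() { return Caller{"operator-1", true, false, {"node.read"}}; }
inline Caller sample_admin()    { return Caller{"admin-1", true, true, {}}; }
inline Caller sample_no_pair()  { return Caller{"viewer-1", false, false, {"node.read"}}; }
inline PairingRequest sample_broad_request()  { return PairingRequest{"dev-1", {"node.read", "node.admin"}}; }
inline PairingRequest sample_narrow_request() { return PairingRequest{"dev-2", {"node.read"}}; }

int main() {
    // The operator holds only node.read but the vulnerable path lets it grant node.admin.
    std::printf("vulnerable, operator grants admin: %d\n", pair_approve_vulnerable(sample_operator(), sample_broad_request()));
    std::printf("fixed,      operator grants admin: %d\n", pair_approve_fixed(sample_operator(), sample_broad_request()));
    std::printf("fixed,      operator grants read : %d\n", pair_approve_fixed(sample_operator(), sample_narrow_request()));
    std::printf("fixed,      admin grants admin   : %d\n", pair_approve_fixed(sample_admin(), sample_broad_request()));
    return 0;
}
```

A more defensive core check would not accept a null scope set at all and would make the admin decision inside `core_approve` from the caller object, so that a future command path cannot reopen the bypass by forgetting the argument; the version above keeps the null-means-unrestricted convention only to show how the omission turned into a privilege escalation.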